US20150178489A1 - Method of authentication of at least one user with respect to at least one electronic apparatus, and a device therefor - Google Patents

Method of authentication of at least one user with respect to at least one electronic apparatus, and a device therefor Download PDF

Info

Publication number
US20150178489A1
US20150178489A1 US14/578,384 US201414578384A US2015178489A1 US 20150178489 A1 US20150178489 A1 US 20150178489A1 US 201414578384 A US201414578384 A US 201414578384A US 2015178489 A1 US2015178489 A1 US 2015178489A1
Authority
US
United States
Prior art keywords
electronic apparatus
user
authentication device
authentication
knob
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US14/578,384
Inventor
Asako Nakano
Kazuki Kizawa
Jeremy Godefroid
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Orange SA
Original Assignee
Orange SA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Orange SA filed Critical Orange SA
Assigned to ORANGE reassignment ORANGE ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: Godefroid, Jeremy, Kizawa, Kazuki, NAKANO, ASAKO
Publication of US20150178489A1 publication Critical patent/US20150178489A1/en
Assigned to ORANGE reassignment ORANGE CORRECTIVE ASSIGNMENT TO CORRECT THE ASSIGNEE ADDRESS PREVIOUSLY RECORDED AT REEL: 034889 FRAME: 0001. ASSIGNOR(S) HEREBY CONFIRMS THE ASSIGNMENT. Assignors: Godefroid, Jeremy, Kizawa, Kazuki, NAKANO, ASAKO
Abandoned legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G06F21/35User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication

Definitions

  • the present disclosure relates to a method of authentication of at least one user with respect to at least one electronic apparatus by means of a portable electronic authentication device, as well as a portable electronic authentication device that may be used for such an authentication.
  • An exemplary embodiment of the present disclosure relates to a method of authentication of at least one user, by using a portable electronic authentication device, with respect to at least one electronic apparatus, the method comprising the steps of establishing a communication between the authentication device and the electronic apparatus; detecting a movement performed by a user using the authentication device; comparing the detected movement with a stored user profile; and authenticating the user if the detected movement matches the stored user profile.
  • Such a method allows a user to authenticate himself with an electronic apparatus by means of a personal, portable electronic authentication device.
  • the authentication device may be carried by the user, and is relatively easy to operate to perform a motion known only to the user.
  • the movement is a rotation about at least one axis of at least a portion of the authentication device so as to select at least one value of a series of passcode values.
  • the method thus offers a type of “dial safe” mechanism to be used to enter a passcode, such as a series of numbers known only to the user.
  • the communication is established by means of near field communication, the authentication device being powered by a magnetic field transmitted by the electronic apparatus.
  • a near field communication offers a short-range contactless solution, without the need for a cabled communication or batteries, offering more autonomy to the device and ease of use.
  • the method further comprises a step of authenticating at least one of:
  • Such additional authentication parameters measures can be used to increase the authentication level of the device, depending on the electronic apparatus, the number of users, etc. All measures are relatively simple to implement.
  • the method further comprises a preliminary step of configuring the user profile with respect to the authentication device.
  • the configuration of the user profile may be customized to the level of authentication necessary, the user's personal preferences, the sophistication of the authentication device, and so forth.
  • Embodiments also relate to a portable electronic authentication device comprising means for establishing a communication with at least one electronic apparatus, and means for detecting a movement of the authentication device by at least one user such that the detected movement can be compared with a stored user profile such that at least one user may be authenticated with respect to the electronic apparatus.
  • Such a device allows a user to authenticate himself with an electronic apparatus and is personal and portable.
  • the authentication device may be carried by the user, and is relatively easy to operate to perform a motion known only to the user.
  • the authentication itself may be performed by the device, by the electronic apparatus, or by a third means, such as by internet, a dedicated server, or the “cloud”.
  • the means for establishing a communication comprise a near field communication antenna configured to receive energy from a near field communication antenna of the electronic apparatus and to send data by modulation of a signal sent by the antenna of the electronic apparatus.
  • a near field communication offers a short-range contactless solution, without the need for a cabled communication or batteries, offering more autonomy to the device and ease of use.
  • the device further comprises at least one fingerprint reader arranged on an external surface of the device.
  • the fingerprint reader offers greater level of authentication, and is arranged for ease of use on the external surface.
  • the authentication device further comprises a memory, and a unique device identifier stored in the memory and used during the authentication process.
  • a device identifier provides an increased level of authentication.
  • the device comprises at least one of a visual indicator and a series of passcode values, such that a rotation about at least one axis of at least a portion of the device allows at least one of the passcode values to be selected.
  • the authentication device thus offers a type of “dial safe” mechanism to be used to enter a passcode, such as a series of numbers known only to the user.
  • the device further comprises a base portion and an upper portion, wherein one is fixed and the other is rotatable with respect to the fixed portion.
  • the device thus facilitates a cabled communication with the electronic apparatus.
  • the device further comprises at least one of:
  • Embodiments also relate to a system comprising a portable electronic authentication device according to one embodiment and at least one electronic apparatus, the electronic apparatus comprising means for establishing a communication with the authentication device, and means for authenticating at least one user by means of a detected movement performed by the user with the authentication device, by comparison with a stored user profile.
  • Such a system allows a more secure authentication process of the user with the electronic apparatus, since a specific portable authentication device is used.
  • Embodiments also relate to a computer program comprising instructions for the implementation of the method according to one embodiment when the program is carried out by a processor.
  • FIG. 2 is a perspective view of the authentication device placed on a surface of the electronic apparatus
  • FIG. 4 is a top view of the authentication device according to another embodiment
  • FIG. 5 is a perspective view of an authentication device according to another embodiment
  • FIG. 6 is a perspective view of a system comprising an electronic apparatus and an authentication device according to another embodiment
  • FIG. 7 is a flow chart of a method of configuring a user profile using an authentication device according to one embodiment.
  • FIG. 8 is a flow chart of a method of authenticating at least one user with respect to at least one electronic apparatus by means of an authentication device according to one embodiment .
  • tablette will be used to designate the electronic apparatus 10 for the sake of simplicity.
  • material elements such as portable devices including mobile telephones, music players, electronic readers, or laptop computers, stationary devices such as a desktop computer or electronic home appliances, areas protected by an electronic access device (lock) including a house, car, or workplace, and even immaterial elements such as internet sites, email accounts, and so forth.
  • lock electronic access device
  • knob will be used to designate the authentication device 20 , also for the sake of simplicity. For the moment, it may be considered as a small, portable, lightweight disk.
  • the knob 20 comprises a top planar surface 21 - 1 to face the user, a bottom planar surface 21 - 2 to be placed flat on the screen 11 of the tablet 10 , and a circular peripheral surface 21 - 3 .
  • the knob is configured to be rotated about an axis X-X′ perpendicular to the top and bottom surfaces 21 - 1 , 21 - 2 when placed on the screen or another flat surface.
  • the knob 20 further comprises, within the body of the knob, a movement detector 22 , a data processor 23 , a communication device 24 for establishing a communication with the tablet, and a memory 25 , all coupled to an internal bus 26 . These elements are represented schematically through the material of the knob.
  • the movement information may then be processed in at least three manners.
  • the movement information is transmitted by the communication devices 14 , 24 to the tablet 10 .
  • the tablet compares the received movement information with a user profile stored in its memory, fetched from a secure internet site, or transmitted from the memory of the knob. If there is a match, the authentication is completed.
  • the data processor 23 of the knob compares the movement information with a user profile stored in its memory 25 , and if there is a match, the knob sends a message to the tablet by means of the communication devices 14 , 24 , signifying that the authentication has been confirmed, such as “Authentication OK”. It may be noted that a double verification may be carried out by both the knob and tablet.
  • the movement information is transmitted by the communication devices 14 , 24 to the tablet 10 .
  • the tablet then connects to a third party, such as an internet site, a data server, or the “cloud”, wherein the user profile is stored.
  • the comparison is then performed by the third party, and a message is sent to the tablet signifying that the authentication has been confirmed, such as “Authentication OK”.
  • the same knob may be used by a same user with a plurality of electronic apparatuses, such as a tablet, a mobile phone, and a workplace workstation.
  • the knob may store information relating to which electronic apparatuses it may operate with, such as by storing electronic apparatus identifiers in its own memory.
  • the authentication may therefore consist of authenticating the knob with respect to the apparatus and of authenticating the apparatus with respect to the knob.
  • FIG. 4 is a top view of a knob 20 ′ placed in an authentication zone 12 ′ on the surface of the screen 11 , according to another embodiment.
  • the knob 20 ′ comprises a series 28 of passcode values 29 , here a series of numbers 0 to 9 on its top surface 21 - 1
  • the authentication zone 12 ′ comprises the central zone 17 and a visual indicator 18 .
  • the user again places the knob 20 ′ in the center of the authentication zone 12 ′ and rotates it with respect to the visual indicator 18 to select a passcode.
  • the knob and/or authentication zone may comprise letters, colors, pictures, or indeed any other grouping of items that allow a passcode to be selected.
  • the authentication zone may be personalized, modified, enlarged for better viewing, dimmed to reduce the risk of a third party seeing an entered code, and so forth.
  • the determination of whether to arrange the series of passcodes in the authentication zone or on the knob itself will depend in part on the diameter of the knob, the diameter of the authentication zone, the visibility of the markings, and so forth.
  • FIG. 5 shows a perspective view of a knob 20 ′′ according to another embodiment.
  • the knob 20 ′′ further comprises at least one fingerprint reader 40 .
  • the fingerprint reader 40 is preferably arranged on the side of the knob, such that when the knob 20 ′′ is grasped for manipulation, the user's finger is easily placed such that a fingerprint may be read.
  • a movement other than rotation of the knob may be carried out instead of or in addition to a rotation.
  • the movement may consist of a swipe of the knob across the surface of the tablet (left to right, right to left, up to down, down to up, diagonally, etc.) or the tracing of a shape (circle, square, diamond, triangle, number, letter, star, etc.).
  • the knob 20 , 20 ′, 20 ′′ comprises a unique device identifier ID that is stored in its memory. This identifier ID may be transmitted to the tablet 10 along with the movement information. The identifier ID may be set in a fixed manner during fabrication, or may be set by the user.
  • the external peripheral shape (surface 21 - 3 ) of the knob 20 , 20 ′, 20 ′′ varies from one knob to another.
  • Knobs of different basic shapes square, oval, star, circle, etc.
  • the tablet may then be programmed to detect the shape of the knob (such as when the knob is placed on the screen 11 or by taking a photograph) and match the shape of the knob with a shape stored in the user profile.
  • the knob 20 , 20 ′, 20 ′′ comprises a three-dimensional pattern, such as a series of dots (similar to that of Braille) or an engraved shape.
  • the pattern is ideally arranged on the bottom surface 21 - 2 of the knob, such that it comes into contact with a display screen 11 , particularly a touch screen, of the tablet 10 .
  • the tablet thus detects the three-dimensional pattern and compares it with a stored pattern.
  • the tablet 10 displays on the display screen 11 a plurality of possible positions for the knob 20 , 20 ′, 20 ′′, for example a grid consisting of X's or circles corresponding to the diameter of the knob.
  • the user is thus further required to place the knob on a predefined X or within a predefined circle, for example a top right circle, such that it may be authenticated. Otherwise, if the user does not place the knob in the correct position with respect to the screen, for example in a central circle, the authentication is refused since the position information is incorrect.
  • the knob 20 , 20 ′, 20 ′′ comprises a display configured to display a code, such as a four-digit code that changes every five minutes.
  • the user must then enter the code, either by rotation of the knob as described above in relation with FIGS. 3 and 4 , by means of a user input module (keyboard, touchscreen) of the tablet, or even by means of small buttons on the knob.
  • the code is then compared with a secure site that is updated along with the code transmitted to the knob.
  • the knob further comprises a location detector, such as indoor location techniques or a GPS (‘Global Positioning System’) detector.
  • the GPS detector may then send location information to the data processor 23 of the knob and/or of the tablet 10 , and the authentication of the user may be refused or a further authentication parameter may be required if the location information does not correspond with the user's typical location information.
  • the typical location information may be limited to a house and a workplace, or even to a city, and if a user attempts to authenticate from another location, such as another city, a further authentication parameter is performed.
  • an internal power source (battery) may be required to power the GPS detector.
  • the tablet also comprises a location detector, and the authentication of the user requires that both the tablet and the knob be in a specific location(s).
  • the tablet may be authorized for use in a living room with the knob located in a specific drawer, or within a certain distance, such as 5 meters.
  • the location detector may further be used to lock the tablet or require a re-authentication if for example it detects that the ensemble knob/tablet has been moved from the authorized location, or that one has been distanced from the other.
  • the location detector may further be used to lock the tablet or require a re-authentication if for example it detects that the ensemble knob/tablet has been moved from the authorized location, or that one has been distanced from the other.
  • the location detector may further be used to lock the tablet or require a re-authentication if for example it detects that the ensemble knob/tablet has been moved from the authorized location, or that one has been distanced from the other.
  • the location detector may further be used to lock the tablet or require a re-authentication if for example it detects that the ensemble knob/tablet has been moved from the authorized location, or that one has been distanced from the other.
  • the location detector may further be used to lock the tablet or require a re-authentication if for example it detects that the ensemble knob/tablet
  • the knob 20 , 20 ′, 20 ′′ further comprises a visual code such as bar code or QR (‘Quick Response’) code, also known as flash code, on its external surface.
  • QR ‘Quick Response’
  • the visual code is then also authenticated by the tablet 10 , such as by means of a camera or bar code reader.
  • biological indicators other than fingerprint readers may be implemented, such as retinal scanning, facial recognition, voice recognition, and the like.
  • acoustic indicators may also be used.
  • the acoustic indicators may for example be a series of beeps (similar to Morse code), spoken words, etc. emitted when the knob 20 , 20 ′, 20 ′′ is rotated.
  • the use of headphones plugged into a headphone jack of the tablet 10 would provide an extra authentication parameter since the acoustic indicators would not be heard by others.
  • FIG. 6 shows a perspective view of a system 50 according to one embodiment, comprising an electronic apparatus (laptop computer) 60 and a knob 70 .
  • the computer 60 and knob 70 comprise input/output ports 61 , 71 respectively, and are connected to each other by means of a wired (cable) communication 80 , such as a conventional USB (‘Universal Serial Bus’) cable.
  • a wired (cable) communication 80 such as a conventional USB (‘Universal Serial Bus’) cable.
  • the knob 70 comprises two parts—a fixed base portion 72 comprising the input/output port 71 , and a rotatable upper portion 73 .
  • the authentication zone may therefore be part of the knob itself, for example displayed on an upper peripheral surface 74 of the base 72 , the upper portion 73 comprising a visual indicator on an upper surface 75 , or vice versa.
  • the rotation of the upper portion 73 with respect to the base 72 thus allows the passcode to be selected.
  • the base 72 may be rotatable with respect to a fixed upper portion 73 , but this is likely to be more inconvenient for the user to manipulate.
  • the authentication zone is arranged in a permanent manner, for example a conventional mouse pad 90 comprising an authentication zone 91 .
  • the authentication zone is not strictly necessary, as the user may simply rotate the knob with respect to an imaginary point. Nevertheless, having a fixed and defined visual zone aids the user in the manipulation of the knob.
  • FIG. 7 is a flow chart of a method of configuring P 1 a user profile using a knob according to an embodiment.
  • a communication is established between the knob and the tablet.
  • the tablet recognizes that the knob has never been configured for use therewith, and may display a message such as “Configure new profile?” If the response is no N, the process stops X. If the response is yes Y, at a step S 3 , the tablet displays the authentication zone, and the user performs a movement with the knob to select a passcode.
  • the movement is detected and the passcode corresponding to the movement is saved in the memory of the knob, the tablet, or both.
  • the tablet displays a message such as “Set further authentication?” If the response is no N, at a step S 6 the user profile is saved and the user may then set a name for the profile, an authentication-level, as well as other options, such as whether the profile is specific to that device or may be used with any device.
  • a further authentication parameter is set, such as registering a fingerprint, a visual code, a unique device identifier ID, and so forth, depending on the configuration of the knob and the required authentication level.
  • the configuration process then returns to step S 5 , and continues until no other authentication parameters are to be set.
  • FIG. 8 is a flow chart of a method P 2 of authenticating the user with respect to the tablet, by means of the knob.
  • a communication is established between the knob and the tablet.
  • the tablet displays the authentication zone, and the user performs a movement with the knob to select a passcode.
  • the movement is detected by the movement detector 22 .
  • the passcode corresponding to the movement is compared with a stored user profile (in the memory of the knob or tablet).
  • the data processor (of the knob or the tablet) determines whether there is a match. If the response is no N, the authentication process stops X. If the response is yes Y, at a step S 16 the user is authenticated for use of the tablet.
  • a communication be established between the tablet and the knob before the user performs the movement of the knob.
  • the performed movement may be stored in the memory 25 of the knob and then transmitted at a later time. In this case, it may be desired to set a maximum time limit between the time that the movement is performed and the communication established for authentication, so as to reduce the risk of fraudulent use.
  • a plurality of user profiles for a single user may be stored, depending for example on the required level of authentication, the apparatus to be accessed, different applications of a single apparatus, and so forth.
  • a low-level authentication may consist of only the movement of the knob
  • a medium-level authentication may consist of the movement and a position information
  • a high-level authentication may consist of the movement, the position information, and a fingerprint reading.
  • a same movement may be associated with several user profiles, such as access by family members to their house. Nevertheless, in this case, an additional authentication may be desired, such as the transmission of the unique identifiers ID associated with each family member's device.
  • a same knob may be implemented, so that different family members have access to different user-appropriate features, email accounts, and the like.
  • the family members may distinguish themselves by having different passcodes or by fingerprint recognition for example.
  • several users may use a same knob to access different apparatuses, such as individual mobile phones.
  • the authentication of the user with respect to one apparatus may then be transmitted to the user's other apparatuses in the vicinity. For example, when the user wakes up in the morning, he can use the knob placed at the bedside to authenticate himself with respect to a mobile phone. The mobile phone can then transmit the authentication to a nearby tablet, laptop computer, and even electronic appliances such as to start a coffee maker
  • the knob may have other forms, such as a chess pawn, a small puck, a flat circular base with a handle projecting perpendicularly thereto, etc.
  • the knob is relatively lightweight, and an appropriate size for a user to grasp and manipulate, that is to say, not so large so as to be cumbersome and strain the hand, and not so small so as to be easily misplaced or hard to grasp.
  • the knob may have dimensions of 1.5 to 5 cm height, 2.5 to 7 cm of diameter, and a weight of 100 to 250 g. Nevertheless, these values are given for purposes of illustration only, and are not intended to be limiting.
  • the external shape of the knob may comprise indentations destined to receive fingertips such that the knob is grasped in a predefined manner.
  • fingerprint readers 40 may be placed within the indentations, such that when the knob is grasped, the fingers are automatically in contact with the fingerprint readers.
  • knobs have been described in relation with an NFC or cable communication, other communication types may be envisaged such as Bluetooth, 3G, WiFi, cellular, and so forth.
  • energy to power the knob has been described as either being sent by the cable or by NFC, the knob may instead comprise a conventional battery, a rechargeable battery, or even be powered by other means, such as solar.
  • a maximum authentication distance between the knob and the tablet may be defined, in order to increase the authentication level.
  • the tablet may be set in a wait mode and then receive the data from the knob after the movement has been performed.
  • the knob may transmit the movement information via internet to the tablet.
  • a defined authentication zone may be set, such as a zone of a predetermined size and/or located at a predetermined distance from the tablet, for example between 50 and 100 cm from the tablet.
  • the authentication zone may be the size of a conventional mouse pad, intended to be placed at a typical distance from a laptop computer.
  • the rotation of the knob has been primarily described as rotation about a single axis (X-X′), it will be understood that rotation about two or more axes may be envisaged.
  • the rotation has been described as with respect to the “authentication zone”, the rotation could comprise a simple action such as completely rotating the knob a certain number of times, such as three times. In this case, it may be desired to provide a further authentication measure.
  • the authentication has been described primarily in allowing access to an electronic apparatus, it may be interpreted instead or additionally as locking an apparatus, for example both opening and locking a door, a user account, etc. It may also be taken to mean authorizing delete/modification privileges of files, and in general any action that a user may wish to perform with respect to an apparatus.
  • the term “authenticate” should be interpreted in a general manner, and can also be taken to mean “validate”, “authorize”, or “verify”.
  • Embodiments of the disclosure also relate to a computer program comprising instructions for the implementation of the authentication method according to the disclosure, in particular that disclosed in relation with FIG. 8 .
  • Such a computer program may be supplied on a medium readable by computer upon which the program is stored, particularly in a non-transitory manner.
  • the program may be supplied with the authentication device to aid the user in configuring and using the device.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • User Interface Of Digital Computer (AREA)

Abstract

A method of authentication of at least one user, by using a portable electronic authentication device, with respect to at least one electronic apparatus. The method includes establishing a communication between the authentication device and the electronic apparatus, detecting a movement performed by the user using the authentication device, comparing the detected movement with a stored user profile, and authenticating the user if the detected movement matches a stored user profile.

Description

    FIELD OF THE DISCLOSURE
  • The present disclosure relates to a method of authentication of at least one user with respect to at least one electronic apparatus by means of a portable electronic authentication device, as well as a portable electronic authentication device that may be used for such an authentication.
  • BACKGROUND OF THE DISCLOSURE
  • Recent years have seen a growing interest in digital authentication (i.e. security), for example in order to access stored personal data, confidential documents, passwords, contacts, medical information, subscriber or user-appropriate content, secure areas, to complete financial transactions, to perform an electronic signature, and so forth. To this end, numerous methods have been developed to authenticate a user. These methods include traditional passwords and PIN (‘Personal Identification Number’) codes, with a recent move to biometric data such as fingerprints, voice or facial recognition, retinal scanning, etc.
  • Nevertheless, passwords, PIN codes, and even biometrical data can be replicated by a third party, depending on available computing power, time, and the authentication parameters implemented in an electronic apparatus to which the third party wishes to gain access. International publication WO 2013/0116743 discloses an electronic apparatus comprising a touch screen and configured to display an image upon the screen. The user is then required to perform one or more touch actions on the image, such as encircling or swiping an object, as part of a “digital signature scheme” in order to authenticate himself (or herself) with the apparatus. However, there is a risk that the action may be easily observed by a third party or guessed, such as for example drawing a heart around a loved one's photograph or pressing on a certain part of the image.
  • It may therefore be desired to provide a method and an authentication device that overcome such disadvantages.
  • SUMMARY
  • An exemplary embodiment of the present disclosure relates to a method of authentication of at least one user, by using a portable electronic authentication device, with respect to at least one electronic apparatus, the method comprising the steps of establishing a communication between the authentication device and the electronic apparatus; detecting a movement performed by a user using the authentication device; comparing the detected movement with a stored user profile; and authenticating the user if the detected movement matches the stored user profile.
  • Such a method allows a user to authenticate himself with an electronic apparatus by means of a personal, portable electronic authentication device. The authentication device may be carried by the user, and is relatively easy to operate to perform a motion known only to the user.
  • According to one embodiment, the movement is a rotation about at least one axis of at least a portion of the authentication device so as to select at least one value of a series of passcode values.
  • The method thus offers a type of “dial safe” mechanism to be used to enter a passcode, such as a series of numbers known only to the user.
  • According to one embodiment, the communication is established by means of near field communication, the authentication device being powered by a magnetic field transmitted by the electronic apparatus.
  • A near field communication offers a short-range contactless solution, without the need for a cabled communication or batteries, offering more autonomy to the device and ease of use.
  • According to one embodiment, the method further comprises a step of authenticating at least one of:
  • a unique device identifier of the authentication device,
  • a fingerprint information of the user,
  • a location information of the authentication device,
  • a position information of the authentication device with respect to the electronic apparatus,
  • an external visual code of the authentication device,
  • an external peripheral shape of the authentication device, and
  • an external three-dimensional pattern of the authentication device.
  • Such additional authentication parameters measures can be used to increase the authentication level of the device, depending on the electronic apparatus, the number of users, etc. All measures are relatively simple to implement.
  • According to one embodiment, the method further comprises a preliminary step of configuring the user profile with respect to the authentication device.
  • The configuration of the user profile may be customized to the level of authentication necessary, the user's personal preferences, the sophistication of the authentication device, and so forth.
  • Embodiments also relate to a portable electronic authentication device comprising means for establishing a communication with at least one electronic apparatus, and means for detecting a movement of the authentication device by at least one user such that the detected movement can be compared with a stored user profile such that at least one user may be authenticated with respect to the electronic apparatus.
  • Such a device allows a user to authenticate himself with an electronic apparatus and is personal and portable. The authentication device may be carried by the user, and is relatively easy to operate to perform a motion known only to the user. Furthermore, the authentication itself may be performed by the device, by the electronic apparatus, or by a third means, such as by internet, a dedicated server, or the “cloud”.
  • According to one embodiment, the means for establishing a communication comprise a near field communication antenna configured to receive energy from a near field communication antenna of the electronic apparatus and to send data by modulation of a signal sent by the antenna of the electronic apparatus.
  • A near field communication offers a short-range contactless solution, without the need for a cabled communication or batteries, offering more autonomy to the device and ease of use.
  • According to one embodiment, the device further comprises at least one fingerprint reader arranged on an external surface of the device.
  • The fingerprint reader offers greater level of authentication, and is arranged for ease of use on the external surface.
  • According to one embodiment, the authentication device further comprises a memory, and a unique device identifier stored in the memory and used during the authentication process.
  • A device identifier provides an increased level of authentication.
  • According to one embodiment, the device comprises at least one of a visual indicator and a series of passcode values, such that a rotation about at least one axis of at least a portion of the device allows at least one of the passcode values to be selected.
  • The authentication device thus offers a type of “dial safe” mechanism to be used to enter a passcode, such as a series of numbers known only to the user.
  • According to one embodiment, the device further comprises a base portion and an upper portion, wherein one is fixed and the other is rotatable with respect to the fixed portion.
  • The device thus facilitates a cabled communication with the electronic apparatus.
  • According to one embodiment, the device further comprises at least one of:
  • a location detection means,
  • an external visual code that may be detected by an electronic apparatus,
  • an external peripheral shape that may be detected by an electronic apparatus, and
  • an external three-dimensional pattern that may be detected by an electronic apparatus.
  • The above features provide an increased level of authentication, and may be used in combination.
  • Embodiments also relate to an electronic apparatus comprising:
      • means for establishing a communication with at least one portable electronic authentication device, and
      • means for comparing an information of a movement of the authentication device received from the authentication device with a user profile stored such that the user may be authenticated with respect to the electronic apparatus.
  • According to one embodiment, the user profile is stored in a memory of said electronic apparatus.
  • According to one embodiment, the electronic apparatus further comprises means for obtaining the user profile from a third party.
  • The third party maybe the portable electronic authentication device, a secure internet site, a data server located in the “cloud”, etc.
  • Embodiments also relate to a system comprising a portable electronic authentication device according to one embodiment and at least one electronic apparatus, the electronic apparatus comprising means for establishing a communication with the authentication device, and means for authenticating at least one user by means of a detected movement performed by the user with the authentication device, by comparison with a stored user profile.
  • Such a system allows a more secure authentication process of the user with the electronic apparatus, since a specific portable authentication device is used.
  • Embodiments also relate to a computer program comprising instructions for the implementation of the method according to one embodiment when the program is carried out by a processor.
  • Embodiments also relate to a medium readable by computer upon which the program according to one embodiment is stored.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • Embodiments of the disclosure will be set forth in the following description in a non-limiting manner with reference the appended figures in which:
  • FIGS. 1A, 1B are perspective views of an electronic apparatus and a portable electronic authentication device according to one embodiment of the disclosure respectively,
  • FIG. 2 is a perspective view of the authentication device placed on a surface of the electronic apparatus,
  • FIG. 3 is a top view of the authentication device according to one embodiment,
  • FIG. 4 is a top view of the authentication device according to another embodiment,
  • FIG. 5 is a perspective view of an authentication device according to another embodiment,
  • FIG. 6 is a perspective view of a system comprising an electronic apparatus and an authentication device according to another embodiment,
  • FIG. 7 is a flow chart of a method of configuring a user profile using an authentication device according to one embodiment, and
  • FIG. 8 is a flow chart of a method of authenticating at least one user with respect to at least one electronic apparatus by means of an authentication device according to one embodiment .
  • DESCRIPTION OF EMBODIMENT OF THE DISCLOSURE
  • FIGS. 1A, 1B are perspective views of an electronic apparatus 10 and a portable electronic authentication device 20, respectively.
  • In the following, the term “tablet” will be used to designate the electronic apparatus 10 for the sake of simplicity. However, the disclosure is equally applicable to other electronic apparatuses to which a user wishes to authenticate himself, both material elements such as portable devices including mobile telephones, music players, electronic readers, or laptop computers, stationary devices such as a desktop computer or electronic home appliances, areas protected by an electronic access device (lock) including a house, car, or workplace, and even immaterial elements such as internet sites, email accounts, and so forth. Further, the term “knob” will be used to designate the authentication device 20, also for the sake of simplicity. For the moment, it may be considered as a small, portable, lightweight disk.
  • As shown in FIG. 1A, the tablet 10 comprises a display screen 11, an authentication zone 12 displayed on the screen, an input/output port 13, and a communication device 14 for establishing a communication with the knob. The tablet also comprises conventional internal electronics, comprising but not limited to a memory, a power supply such as a battery, a data processor, an internet communication device (Wifi, 3G, etc.), a camera, speakers, a microphone, a headphone jack, and the like which will not be further detailed here.
  • As shown in FIG. 1B, the knob 20 comprises a top planar surface 21-1 to face the user, a bottom planar surface 21-2 to be placed flat on the screen 11 of the tablet 10, and a circular peripheral surface 21-3. The knob is configured to be rotated about an axis X-X′ perpendicular to the top and bottom surfaces 21-1, 21-2 when placed on the screen or another flat surface. The knob 20 further comprises, within the body of the knob, a movement detector 22, a data processor 23, a communication device 24 for establishing a communication with the tablet, and a memory 25, all coupled to an internal bus 26. These elements are represented schematically through the material of the knob.
  • In this embodiment, the communication devices 14, 24 are conventional near field communication NFC means, such that the tablet operates as an active NFC reader and the knob operates as a passive NFC responder. The communication devices 14, 24 are thus NFC antennas arranged under the surface of the display screen 11 (preferably under the authentication zone 12) and above the bottom surface 21-2 of the knob 20 respectively. The knob thus receives power from the tablet and transmits data by modulation of the transmitted signal, in a known manner.
  • FIG. 2 is a perspective view of a system 30 comprising the tablet 10 and the knob 20. The knob has been placed flat on the display screen 11 of the tablet, within the authentication zone 12. The NFC antennas of the tablet and knob are thus in communication with each other.
  • FIG. 3 is a top view of the knob 20 placed in the authentication zone 12 on the surface of the screen 11, according to one embodiment of the disclosure. The authentication zone 12 comprises a series 15 of individual passcode values 16, here a series of numbers 0 to 9, and may further comprise a central zone 17 to aid the user in proper placement of the knob 20. The knob 20 comprises a visual indicator 27 on its top surface 21-1.
  • To operate the knob for authentication with respect to the tablet 10, the user must therefore place the knob 20 in the center of the authentication zone 12, and then rotate the knob 20 to select at least one value 16 of the series 15, for example four numbers relating to a PIN code, in a manner similar to that of spinning the dial of a safe. To this end, the movement detector 22 of the knob detects the rotation of the knob and provides a movement information, which may include clockwise or counter-clockwise rotation, degree and speed of rotation, and even amount of time paused at a position. This information (direction of rotation, speed, and pauses) may also be used in authenticating the user, since different users may rotate in different directions and/or rotate/pause at different rates. For example, the knob is first turned clockwise to select 1, then counter-clockwise to select 9, then clockwise to select 7, and again counter-clockwise to select 9, for a PIN code of 1979. The movement detector 22 may be a gyro-sensor, an accelerometer, a compass, a potentiometer, and the like, or even a combination of two or more of these means.
  • Once detected by the movement detector 22, the movement information may then be processed in at least three manners.
  • In a first manner, the movement information is transmitted by the communication devices 14, 24 to the tablet 10. The tablet then compares the received movement information with a user profile stored in its memory, fetched from a secure internet site, or transmitted from the memory of the knob. If there is a match, the authentication is completed.
  • In a second manner, the data processor 23 of the knob compares the movement information with a user profile stored in its memory 25, and if there is a match, the knob sends a message to the tablet by means of the communication devices 14, 24, signifying that the authentication has been confirmed, such as “Authentication OK”. It may be noted that a double verification may be carried out by both the knob and tablet.
  • In a third manner, the movement information is transmitted by the communication devices 14, 24 to the tablet 10. The tablet then connects to a third party, such as an internet site, a data server, or the “cloud”, wherein the user profile is stored. The comparison is then performed by the third party, and a message is sent to the tablet signifying that the authentication has been confirmed, such as “Authentication OK”.
  • It should be understood that the same knob may be used by a same user with a plurality of electronic apparatuses, such as a tablet, a mobile phone, and a workplace workstation. To this end, the knob may store information relating to which electronic apparatuses it may operate with, such as by storing electronic apparatus identifiers in its own memory. The authentication may therefore consist of authenticating the knob with respect to the apparatus and of authenticating the apparatus with respect to the knob.
  • In the case of an NFC communication link, it may be required to first place the antennas in communication with each other with the knob stationary so that the knob may receive power, then perform the rotation, and then again hold the knob stationary, such that a good communication is established between the antennas for transmitting data
  • FIG. 4 is a top view of a knob 20′ placed in an authentication zone 12′ on the surface of the screen 11, according to another embodiment. In this embodiment, the knob 20′ comprises a series 28 of passcode values 29, here a series of numbers 0 to 9 on its top surface 21-1, and the authentication zone 12′ comprises the central zone 17 and a visual indicator 18. The user again places the knob 20′ in the center of the authentication zone 12′ and rotates it with respect to the visual indicator 18 to select a passcode.
  • It will be understood by the skilled person that instead of a series of numbers, the knob and/or authentication zone may comprise letters, colors, pictures, or indeed any other grouping of items that allow a passcode to be selected. The authentication zone may be personalized, modified, enlarged for better viewing, dimmed to reduce the risk of a third party seeing an entered code, and so forth. Further, the determination of whether to arrange the series of passcodes in the authentication zone or on the knob itself (according to the embodiment of FIG. 3 or FIG. 4) will depend in part on the diameter of the knob, the diameter of the authentication zone, the visibility of the markings, and so forth.
  • FIG. 5 shows a perspective view of a knob 20″ according to another embodiment. In this embodiment, the knob 20″ further comprises at least one fingerprint reader 40. The fingerprint reader 40 is preferably arranged on the side of the knob, such that when the knob 20″ is grasped for manipulation, the user's finger is easily placed such that a fingerprint may be read.
  • In particular, though embodiments of the disclosure have been mainly directed to the rotation of the knob 20, 20′, 20″ with respect to a surface in order to select a passcode, it will be understood by the skilled person that a movement other than rotation of the knob may be carried out instead of or in addition to a rotation. For example, the movement may consist of a swipe of the knob across the surface of the tablet (left to right, right to left, up to down, down to up, diagonally, etc.) or the tracing of a shape (circle, square, diamond, triangle, number, letter, star, etc.).
  • It will be understood by the skilled person that authentication parameters other than a movement of the device may be implemented.
  • In one embodiment, the knob 20, 20′, 20″ comprises a unique device identifier ID that is stored in its memory. This identifier ID may be transmitted to the tablet 10 along with the movement information. The identifier ID may be set in a fixed manner during fabrication, or may be set by the user.
  • In one embodiment, the external peripheral shape (surface 21-3) of the knob 20, 20′, 20″ varies from one knob to another. Knobs of different basic shapes (square, oval, star, circle, etc.) can be manufactured, and the tablet may then be programmed to detect the shape of the knob (such as when the knob is placed on the screen 11 or by taking a photograph) and match the shape of the knob with a shape stored in the user profile.
  • In one embodiment, the knob 20, 20′, 20″ comprises a three-dimensional pattern, such as a series of dots (similar to that of Braille) or an engraved shape. The pattern is ideally arranged on the bottom surface 21-2 of the knob, such that it comes into contact with a display screen 11, particularly a touch screen, of the tablet 10. The tablet thus detects the three-dimensional pattern and compares it with a stored pattern.
  • In one embodiment, the tablet 10 displays on the display screen 11 a plurality of possible positions for the knob 20, 20′, 20″, for example a grid consisting of X's or circles corresponding to the diameter of the knob. The user is thus further required to place the knob on a predefined X or within a predefined circle, for example a top right circle, such that it may be authenticated. Otherwise, if the user does not place the knob in the correct position with respect to the screen, for example in a central circle, the authentication is refused since the position information is incorrect.
  • In one embodiment, the knob 20, 20′, 20″ comprises a display configured to display a code, such as a four-digit code that changes every five minutes. The user must then enter the code, either by rotation of the knob as described above in relation with FIGS. 3 and 4, by means of a user input module (keyboard, touchscreen) of the tablet, or even by means of small buttons on the knob. The code is then compared with a secure site that is updated along with the code transmitted to the knob.
  • In one embodiment, the knob further comprises a location detector, such as indoor location techniques or a GPS (‘Global Positioning System’) detector. The GPS detector may then send location information to the data processor 23 of the knob and/or of the tablet 10, and the authentication of the user may be refused or a further authentication parameter may be required if the location information does not correspond with the user's typical location information. In other words, the typical location information may be limited to a house and a workplace, or even to a city, and if a user attempts to authenticate from another location, such as another city, a further authentication parameter is performed. In this case, an internal power source (battery) may be required to power the GPS detector.
  • In one embodiment, the tablet also comprises a location detector, and the authentication of the user requires that both the tablet and the knob be in a specific location(s). For example, the tablet may be authorized for use in a living room with the knob located in a specific drawer, or within a certain distance, such as 5 meters.
  • Likewise, once the authentication has been completed, the location detector may further be used to lock the tablet or require a re-authentication if for example it detects that the ensemble knob/tablet has been moved from the authorized location, or that one has been distanced from the other. As a concrete example, if the user's house is an authorized location for the use of the tablet, and a thief steals the tablet from the house but not knob, the tablet is locked and can no longer be used. Indeed, even if the thief steals the knob as well, the tablet cannot be used because the location detector has detected that it is no longer in an authorized location.
  • In one embodiment, the knob 20, 20′, 20″ further comprises a visual code such as bar code or QR (‘Quick Response’) code, also known as flash code, on its external surface. The visual code is then also authenticated by the tablet 10, such as by means of a camera or bar code reader.
  • In one embodiment, biological indicators other than fingerprint readers may be implemented, such as retinal scanning, facial recognition, voice recognition, and the like.
  • Finally, in one embodiment, acoustic indicators may also be used. The acoustic indicators may for example be a series of beeps (similar to Morse code), spoken words, etc. emitted when the knob 20, 20′, 20″ is rotated. In this case, the use of headphones plugged into a headphone jack of the tablet 10 would provide an extra authentication parameter since the acoustic indicators would not be heard by others.
  • FIG. 6 shows a perspective view of a system 50 according to one embodiment, comprising an electronic apparatus (laptop computer) 60 and a knob 70. The computer 60 and knob 70 comprise input/ output ports 61, 71 respectively, and are connected to each other by means of a wired (cable) communication 80, such as a conventional USB (‘Universal Serial Bus’) cable. As the rotation of the knob 70 might be hindered by the presence of the cable 80, in this embodiment the knob 70 comprises two parts—a fixed base portion 72 comprising the input/output port 71, and a rotatable upper portion 73.
  • In this embodiment, the authentication zone may therefore be part of the knob itself, for example displayed on an upper peripheral surface 74 of the base 72, the upper portion 73 comprising a visual indicator on an upper surface 75, or vice versa. The rotation of the upper portion 73 with respect to the base 72 thus allows the passcode to be selected. It may be noted that the base 72 may be rotatable with respect to a fixed upper portion 73, but this is likely to be more inconvenient for the user to manipulate.
  • Alternatively, the authentication zone is arranged in a permanent manner, for example a conventional mouse pad 90 comprising an authentication zone 91.
  • It may be noted that the authentication zone is not strictly necessary, as the user may simply rotate the knob with respect to an imaginary point. Nevertheless, having a fixed and defined visual zone aids the user in the manipulation of the knob.
  • FIG. 7 is a flow chart of a method of configuring P1 a user profile using a knob according to an embodiment. At a step 51, a communication is established between the knob and the tablet. At a step S2, the tablet recognizes that the knob has never been configured for use therewith, and may display a message such as “Configure new profile?” If the response is no N, the process stops X. If the response is yes Y, at a step S3, the tablet displays the authentication zone, and the user performs a movement with the knob to select a passcode. At a step S4, the movement is detected and the passcode corresponding to the movement is saved in the memory of the knob, the tablet, or both.
  • At a step S5, the tablet displays a message such as “Set further authentication?” If the response is no N, at a step S6 the user profile is saved and the user may then set a name for the profile, an authentication-level, as well as other options, such as whether the profile is specific to that device or may be used with any device.
  • Otherwise, if the response is yes Y, at a step S7 a further authentication parameter is set, such as registering a fingerprint, a visual code, a unique device identifier ID, and so forth, depending on the configuration of the knob and the required authentication level. The configuration process then returns to step S5, and continues until no other authentication parameters are to be set.
  • It will be understood by the skilled person that other configuration methods can be implemented, for example manually entering a passcode by means of a keyboard of the tablet, automatic recognition of the knob and a factory-set passcode, a downloaded configuration program, etc.
  • FIG. 8 is a flow chart of a method P2 of authenticating the user with respect to the tablet, by means of the knob.
  • At a step S11, a communication is established between the knob and the tablet. At a step S12, the tablet displays the authentication zone, and the user performs a movement with the knob to select a passcode. At a step S13, the movement is detected by the movement detector 22.
  • At a step S14, the passcode corresponding to the movement is compared with a stored user profile (in the memory of the knob or tablet). At a step S15, the data processor (of the knob or the tablet) determines whether there is a match. If the response is no N, the authentication process stops X. If the response is yes Y, at a step S16 the user is authenticated for use of the tablet.
  • It may be noted that it is not essential that a communication be established between the tablet and the knob before the user performs the movement of the knob. The performed movement may be stored in the memory 25 of the knob and then transmitted at a later time. In this case, it may be desired to set a maximum time limit between the time that the movement is performed and the communication established for authentication, so as to reduce the risk of fraudulent use.
  • A plurality of user profiles for a single user may be stored, depending for example on the required level of authentication, the apparatus to be accessed, different applications of a single apparatus, and so forth. For example, a low-level authentication may consist of only the movement of the knob, whereas a medium-level authentication may consist of the movement and a position information, and a high-level authentication may consist of the movement, the position information, and a fingerprint reading.
  • Likewise, a same movement may be associated with several user profiles, such as access by family members to their house. Nevertheless, in this case, an additional authentication may be desired, such as the transmission of the unique identifiers ID associated with each family member's device.
  • Likewise, several users, such as those belonging to a single family, may use a same knob to access a same apparatus such as the family computer. In this case, a further authentication parameter may be implemented, so that different family members have access to different user-appropriate features, email accounts, and the like. The family members may distinguish themselves by having different passcodes or by fingerprint recognition for example. Additionally, several users may use a same knob to access different apparatuses, such as individual mobile phones.
  • In one embodiment, the authentication of the user with respect to one apparatus may then be transmitted to the user's other apparatuses in the vicinity. For example, when the user wakes up in the morning, he can use the knob placed at the bedside to authenticate himself with respect to a mobile phone. The mobile phone can then transmit the authentication to a nearby tablet, laptop computer, and even electronic appliances such as to start a coffee maker
  • The knob may have other forms, such as a chess pawn, a small puck, a flat circular base with a handle projecting perpendicularly thereto, etc. Ideally, the knob is relatively lightweight, and an appropriate size for a user to grasp and manipulate, that is to say, not so large so as to be cumbersome and strain the hand, and not so small so as to be easily misplaced or hard to grasp. The knob may have dimensions of 1.5 to 5 cm height, 2.5 to 7 cm of diameter, and a weight of 100 to 250 g. Nevertheless, these values are given for purposes of illustration only, and are not intended to be limiting.
  • The external shape of the knob may comprise indentations destined to receive fingertips such that the knob is grasped in a predefined manner. In particular, fingerprint readers 40 may be placed within the indentations, such that when the knob is grasped, the fingers are automatically in contact with the fingerprint readers.
  • Though embodiments have been described in relation with an NFC or cable communication, other communication types may be envisaged such as Bluetooth, 3G, WiFi, cellular, and so forth. Furthermore, though the energy to power the knob has been described as either being sent by the cable or by NFC, the knob may instead comprise a conventional battery, a rechargeable battery, or even be powered by other means, such as solar.
  • In the case of a non-contact non-cabled communication such as Bluetooth, a maximum authentication distance between the knob and the tablet may be defined, in order to increase the authentication level. In the case of a WiFi communication, either directly to each other or to a same WiFi access point, the tablet may be set in a wait mode and then receive the data from the knob after the movement has been performed. The knob may transmit the movement information via internet to the tablet.
  • A defined authentication zone may be set, such as a zone of a predetermined size and/or located at a predetermined distance from the tablet, for example between 50 and 100 cm from the tablet. In one embodiment, the authentication zone may be the size of a conventional mouse pad, intended to be placed at a typical distance from a laptop computer.
  • Though the rotation of the knob has been primarily described as rotation about a single axis (X-X′), it will be understood that rotation about two or more axes may be envisaged. Furthermore, though the rotation has been described as with respect to the “authentication zone”, the rotation could comprise a simple action such as completely rotating the knob a certain number of times, such as three times. In this case, it may be desired to provide a further authentication measure.
  • Finally, though the authentication has been described primarily in allowing access to an electronic apparatus, it may be interpreted instead or additionally as locking an apparatus, for example both opening and locking a door, a user account, etc. It may also be taken to mean authorizing delete/modification privileges of files, and in general any action that a user may wish to perform with respect to an apparatus. To this end, the term “authenticate” should be interpreted in a general manner, and can also be taken to mean “validate”, “authorize”, or “verify”.
  • Embodiments of the disclosure also relate to a computer program comprising instructions for the implementation of the authentication method according to the disclosure, in particular that disclosed in relation with FIG. 8.
  • Such a computer program may be supplied on a medium readable by computer upon which the program is stored, particularly in a non-transitory manner. The program may be supplied with the authentication device to aid the user in configuring and using the device.

Claims (17)

1. A method of authentication of at least one user, by using a portable electronic authentication device, with respect to at least one electronic apparatus, the method comprising:
establishing a communication between the authentication device and the electronic apparatus,
detecting a movement performed by the user using the authentication device,
comparing the detected movement with a stored user profile, and
authenticating the user if the detected movement matches the stored user profile.
2. The method according to claim 1,
wherein the movement is a rotation about at least one axis of at least a portion of the authentication device so as to select at least one value of a series of passcode values.
3. The method according to claim 1,
wherein the communication is established by means of near field communication, the authentication device being powered by a magnetic field transmitted by the electronic apparatus.
4. The method according to claim 1, further comprising authenticating at least one of:
a unique device identifier of the authentication device,
a fingerprint information of the user,
a location information of the authentication device,
a position information of the authentication device with respect to the electronic apparatus,
an external visual code of the authentication device,
an external peripheral shape of the authentication device, and
an external three-dimensional pattern of the authentication device.
5. The method according to claim 1, further comprising a preliminary step of configuring the user profile with respect to the authentication device.
6. A portable electronic authentication device comprising:
means for establishing a communication with at least one electronic apparatus, and
means for detecting a movement of the authentication device by at least one user such that the detected movement can be compared with a stored user profile such that the user may be authenticated with respect to the electronic apparatus.
7. The device according to claim 6, wherein the means for establishing a communication comprise a near field communication antenna configured to receive energy from a near field communication antenna of the electronic apparatus, and to send data by modulation of a signal sent by the antenna of the electronic apparatus.
8. The device according to claim 6, further comprising at least one fingerprint reader arranged on an external surface of the device.
9. The device according to claim 6, wherein the authentication device further comprises:
a memory, and
a unique device identifier stored in the memory and used during the authentication process.
10. The device according to claim 6, wherein the device comprises at least one of:
a visual indicator, and
a series of passcode values such that a rotation about at least one axis of at least a portion of the device allows at least one of the passcode values to be selected.
11. The device according to claim 6, wherein the device further comprises:
a base portion, and
an upper portion, wherein one is fixed and the other is rotatable with respect to the fixed portion.
12. The device according to claim 6, wherein the device further comprises at least one of:
a location detection means,
an external visual code that may be detected by an electronic apparatus,
an external peripheral shape that may be detected by an electronic apparatus, and
an external three-dimensional pattern that may be detected by an electronic apparatus.
13. An electronic apparatus comprising:
means for establishing a communication with at least one portable electronic authentication device, and
means for comparing an information of a movement of the authentication device received from the authentication device with a user profile stored such that the user may be authenticated with respect to the electronic apparatus.
14. The electronic apparatus according to claim 13, wherein the user profile is stored in a memory of said electronic apparatus.
15. The electronic apparatus according to claim 13, wherein the electronic apparatus further comprises:
means for obtaining the user profile from a third party.
16. A system comprising:
a portable electronic authentication device , comprising:
means for establishing a communication with an electronic apparatus, and
means for detecting a movement of the authentication device by at least one user such that the detected movement can be compared with a stored user profile such that the user may be authenticated with respect to the electronic apparatus; and
the electronic apparatus, the electronic apparatus comprising:
means for establishing the communication with the authentication device, and
means for authenticating the at least one user by the detected movement performed by the user with the authentication device, by comparison with the stored user profile.
17. A non-transitory computer-readable medium upon which a computer program comprising instructions is stored for performing a method of authenticating at least one user, by using a portable electronic authentication device, with respect to at least one electronic apparatus, when the instructions are executed by a processor, wherein the method comprises:
establishing a communication between the authentication device and the electronic apparatus,
detecting a movement performed by the user using the authentication device,
comparing the detected movement with a stored user profile, and
authenticating the user if the detected movement matches the stored user profile.
US14/578,384 2013-12-20 2014-12-20 Method of authentication of at least one user with respect to at least one electronic apparatus, and a device therefor Abandoned US20150178489A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP13306809.8A EP2887248A1 (en) 2013-12-20 2013-12-20 Method of authentication of at least one user with respect to at least one electronic apparatus, and a device therefor
EP13306809.8 2013-12-20

Publications (1)

Publication Number Publication Date
US20150178489A1 true US20150178489A1 (en) 2015-06-25

Family

ID=50028714

Family Applications (1)

Application Number Title Priority Date Filing Date
US14/578,384 Abandoned US20150178489A1 (en) 2013-12-20 2014-12-20 Method of authentication of at least one user with respect to at least one electronic apparatus, and a device therefor

Country Status (2)

Country Link
US (1) US20150178489A1 (en)
EP (2) EP2887248A1 (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160072799A1 (en) * 2014-04-14 2016-03-10 Huizhou Tcl Mobile Communication Co., Ltd. Method And System For Achieving Screen Unlocking Of A Mobile Terminal Through Retina Information Matching
US20160180077A1 (en) * 2014-12-22 2016-06-23 Wistron Corporation Handheld electronic device and method for entering password thereof
US20170086072A1 (en) * 2014-06-12 2017-03-23 Shenzhen Huiding Technology Co., Ltd. Mobile terminal security authentication method and system and mobile terminal
CN108369621A (en) * 2015-10-20 2018-08-03 比斯塔姆公司 It touches and sound authentication device
US20180284977A1 (en) * 2017-03-30 2018-10-04 Acer Incorporated Electronic devices, methods for controlling user interface and methods for sensing touch object
US20210026945A1 (en) * 2018-03-30 2021-01-28 Orange Method and Device for Authenticating a User
WO2021149632A1 (en) * 2020-01-20 2021-07-29 株式会社 東芝 Portable authentication device, ic card, and authentication system
US12003499B2 (en) * 2021-11-24 2024-06-04 Gerald Sindell Universal, hierarchally-outsourced multi-phased authentication framework with a central global database

Citations (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6642919B1 (en) * 2000-04-18 2003-11-04 Intertactile Technologies Corporation Integrated electrical controls and graphics display screens
US20070030963A1 (en) * 2005-08-04 2007-02-08 Apple Computer, Inc. Securing and controlling access to digital data
US20070266428A1 (en) * 2006-03-06 2007-11-15 James Downes Method, System, And Apparatus For Nested Security Access/Authentication
US20080222417A1 (en) * 2007-03-06 2008-09-11 James Downes Method, System, And Apparatus For Nested Security Access/Authentication With Media Initiation
US20080238879A1 (en) * 2000-09-26 2008-10-02 Denny Jaeger Touch sensor control devices
US20100033299A1 (en) * 2008-08-08 2010-02-11 Assa Abloy Ab Directional sensing mechanism and communications authentication
US20110126122A1 (en) * 2009-11-20 2011-05-26 George Forman Systems and methods for generating profiles for use in customizing a website
US20110210931A1 (en) * 2007-08-19 2011-09-01 Ringbow Ltd. Finger-worn device and interaction methods and communication methods
US20120017273A1 (en) * 2010-07-19 2012-01-19 Samsung Electronics Co., Ltd. Apparatus and method for improving the security in portable communication system
US20120019361A1 (en) * 2009-06-22 2012-01-26 Mourad Ben Ayed Systems for three factor authentication
US20120151339A1 (en) * 2010-12-10 2012-06-14 Microsoft Corporation Accessing and interacting with information
US20120182225A1 (en) * 2011-01-17 2012-07-19 Avago Technologies Ecbu Ip (Singapore) Pte. Ltd. Detection of Predetermined Objects with Capacitive Touchscreens or Touch Panels
US20120274585A1 (en) * 2011-03-16 2012-11-01 Xmg Studio, Inc. Systems and methods of multi-touch interaction with virtual objects
US8315876B2 (en) * 2008-05-09 2012-11-20 Plantronics, Inc. Headset wearer identity authentication with voice print or speech recognition
US20130057472A1 (en) * 2011-09-07 2013-03-07 Logitech Europe S.A. Method and system for a wireless control device
US20140115520A1 (en) * 2012-10-22 2014-04-24 Atheer, Inc. Method and apparatus for secure data entry using a virtual interface
US20140123258A1 (en) * 2012-10-31 2014-05-01 Sony Corporation Device and method for authenticating a user
US9160744B1 (en) * 2013-09-25 2015-10-13 Emc Corporation Increasing entropy for password and key generation on a mobile device
US9224029B2 (en) * 2013-06-14 2015-12-29 Apple Inc. Electronic device switchable to a user-interface unlocked mode based upon a pattern of input motions and related methods

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101699897B1 (en) * 2009-09-04 2017-01-25 토마스 스조케 A personalized multifunctional access device possessing an individualized form of authenticating and controlling data exchange
EP2733750A4 (en) 2011-07-15 2014-12-03 Panasonic Corp Semiconductor light emitting element
US8769669B2 (en) 2012-02-03 2014-07-01 Futurewei Technologies, Inc. Method and apparatus to authenticate a user to a mobile device using mnemonic based digital signatures

Patent Citations (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6642919B1 (en) * 2000-04-18 2003-11-04 Intertactile Technologies Corporation Integrated electrical controls and graphics display screens
US20080238879A1 (en) * 2000-09-26 2008-10-02 Denny Jaeger Touch sensor control devices
US20070030963A1 (en) * 2005-08-04 2007-02-08 Apple Computer, Inc. Securing and controlling access to digital data
US20070266428A1 (en) * 2006-03-06 2007-11-15 James Downes Method, System, And Apparatus For Nested Security Access/Authentication
US20080222417A1 (en) * 2007-03-06 2008-09-11 James Downes Method, System, And Apparatus For Nested Security Access/Authentication With Media Initiation
US20110210931A1 (en) * 2007-08-19 2011-09-01 Ringbow Ltd. Finger-worn device and interaction methods and communication methods
US8315876B2 (en) * 2008-05-09 2012-11-20 Plantronics, Inc. Headset wearer identity authentication with voice print or speech recognition
US8232879B2 (en) * 2008-08-08 2012-07-31 Assa Abloy Ab Directional sensing mechanism and communications authentication
US20100033299A1 (en) * 2008-08-08 2010-02-11 Assa Abloy Ab Directional sensing mechanism and communications authentication
US20120019361A1 (en) * 2009-06-22 2012-01-26 Mourad Ben Ayed Systems for three factor authentication
US20110126122A1 (en) * 2009-11-20 2011-05-26 George Forman Systems and methods for generating profiles for use in customizing a website
US20120017273A1 (en) * 2010-07-19 2012-01-19 Samsung Electronics Co., Ltd. Apparatus and method for improving the security in portable communication system
US20120151339A1 (en) * 2010-12-10 2012-06-14 Microsoft Corporation Accessing and interacting with information
US20120182225A1 (en) * 2011-01-17 2012-07-19 Avago Technologies Ecbu Ip (Singapore) Pte. Ltd. Detection of Predetermined Objects with Capacitive Touchscreens or Touch Panels
US20120274585A1 (en) * 2011-03-16 2012-11-01 Xmg Studio, Inc. Systems and methods of multi-touch interaction with virtual objects
US20130057472A1 (en) * 2011-09-07 2013-03-07 Logitech Europe S.A. Method and system for a wireless control device
US20140115520A1 (en) * 2012-10-22 2014-04-24 Atheer, Inc. Method and apparatus for secure data entry using a virtual interface
US20140123258A1 (en) * 2012-10-31 2014-05-01 Sony Corporation Device and method for authenticating a user
US9224029B2 (en) * 2013-06-14 2015-12-29 Apple Inc. Electronic device switchable to a user-interface unlocked mode based upon a pattern of input motions and related methods
US9160744B1 (en) * 2013-09-25 2015-10-13 Emc Corporation Increasing entropy for password and key generation on a mobile device

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160072799A1 (en) * 2014-04-14 2016-03-10 Huizhou Tcl Mobile Communication Co., Ltd. Method And System For Achieving Screen Unlocking Of A Mobile Terminal Through Retina Information Matching
US20170086072A1 (en) * 2014-06-12 2017-03-23 Shenzhen Huiding Technology Co., Ltd. Mobile terminal security authentication method and system and mobile terminal
US10390225B2 (en) * 2014-06-12 2019-08-20 Shenzhen GOODIX Technology Co., Ltd. Mobile terminal security authentication method and system and mobile terminal
US20160180077A1 (en) * 2014-12-22 2016-06-23 Wistron Corporation Handheld electronic device and method for entering password thereof
US9659167B2 (en) * 2014-12-22 2017-05-23 Wistron Corporation Handheld electronic device and method for entering password thereof
US20180307821A1 (en) * 2015-10-20 2018-10-25 Bystamp Touch and sound authentication device
CN108369621A (en) * 2015-10-20 2018-08-03 比斯塔姆公司 It touches and sound authentication device
RU2731663C2 (en) * 2015-10-20 2020-09-07 Байстэмп Tactile and sound authentication device
US20180284977A1 (en) * 2017-03-30 2018-10-04 Acer Incorporated Electronic devices, methods for controlling user interface and methods for sensing touch object
US20210026945A1 (en) * 2018-03-30 2021-01-28 Orange Method and Device for Authenticating a User
US11709926B2 (en) * 2018-03-30 2023-07-25 Orange Method and device for authenticating a user
WO2021149632A1 (en) * 2020-01-20 2021-07-29 株式会社 東芝 Portable authentication device, ic card, and authentication system
JP2021114145A (en) * 2020-01-20 2021-08-05 株式会社東芝 Portable authentication device, ic card, and authentication system
JP7414545B2 (en) 2020-01-20 2024-01-16 株式会社東芝 Portable authentication devices, IC cards and authentication systems
US12003499B2 (en) * 2021-11-24 2024-06-04 Gerald Sindell Universal, hierarchally-outsourced multi-phased authentication framework with a central global database

Also Published As

Publication number Publication date
EP2887248A1 (en) 2015-06-24
EP2887251A1 (en) 2015-06-24

Similar Documents

Publication Publication Date Title
US20150178489A1 (en) Method of authentication of at least one user with respect to at least one electronic apparatus, and a device therefor
US11170085B2 (en) Implementation of biometric authentication
DK180328B1 (en) Implementation of biometric authentication
US9141777B2 (en) Authentication method and code setting method and authentication system for electronic apparatus
US20160226865A1 (en) Motion based authentication systems and methods
CN101213559B (en) Communication device and communication system
US8769669B2 (en) Method and apparatus to authenticate a user to a mobile device using mnemonic based digital signatures
US10521574B2 (en) Portable electronic device
US20150349959A1 (en) User Authentication Retry with a Biometric Sensing Device
CA2769898C (en) Login method based on direction of gaze
CN106030599A (en) Continuous authentication with a mobile device
CN107066862A (en) Embedded authentication systems in electronic equipment
EP3472754B1 (en) Communication arrangement to electrically connect a slave to a host device
US20150281214A1 (en) Information processing apparatus, information processing method, and recording medium
US20140082569A1 (en) Security System and Methods For Portable Devices
KR20190064021A (en) Notebook for authenticaion using fingerprint recongnition and method of operating the same
WO2015151980A1 (en) Information processing system and computer program
KR102096824B1 (en) Apparatus and method for providing a security environment
EP3413226A1 (en) Method for authenticating a user and corresponding device and system
KR102017632B1 (en) User authentication system and method using a wearable terminal and a token issue terminal
JP2017021452A (en) Operator confirmation server, operator confirmation system, operator confirmation method and operator confirmation program
DK179714B1 (en) Implementation of biometric authentication
CN110886555A (en) BLE intelligent door lock interaction method
CN110821303A (en) BLE intelligence lock
KR20170102138A (en) Method for Providing Digital Contents of Golf Game by using Reverse Direction Certification

Legal Events

Date Code Title Description
AS Assignment

Owner name: ORANGE, FRANCE

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:NAKANO, ASAKO;KIZAWA, KAZUKI;GODEFROID, JEREMY;REEL/FRAME:034889/0001

Effective date: 20141220

AS Assignment

Owner name: ORANGE, FRANCE

Free format text: CORRECTIVE ASSIGNMENT TO CORRECT THE ASSIGNEE ADDRESS PREVIOUSLY RECORDED AT REEL: 034889 FRAME: 0001. ASSIGNOR(S) HEREBY CONFIRMS THE ASSIGNMENT;ASSIGNORS:NAKANO, ASAKO;KIZAWA, KAZUKI;GODEFROID, JEREMY;REEL/FRAME:037055/0570

Effective date: 20141220

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION